CN106537268A - Method and system for assigning control authorization to computer - Google Patents

Info

Publication number: CN106537268A
Application number: CN201580040702.5A
Authority: CN (China)
Legal status: Granted
Current legal status: Active
Other languages: Chinese (zh)
Other versions: CN106537268B (en)
Inventors: M.阿姆布鲁斯特, C.尼德迈尔, J.扎瓦利施
Original Assignee: Siemens AG
Current Assignee: Siemens AG
Prior art keywords: computer, data, mode, control, master

Classifications

    • G05B19/0428 Safety, monitoring
    • G06F11/1654 Error detection by comparing the output of redundant processing systems where the output of only one of the redundant processing components can drive the attached hardware, e.g. memory or I/O
    • G05B19/0426 Programming the control sequence
    • G06F11/1633 Error detection by comparing the output of redundant processing systems using mutual exchange of the output between the redundant processing components
    • G06F11/1687 Temporal synchronisation or re-synchronisation of redundant processing components at event level, e.g. by interrupt or result of polling
    • G05B2219/2231 Master slave
    • G05B2219/2237 Selection of master or slave
    • G05B2219/24189 Redundant processors monitor same point, common parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Hardware Redundancy (AREA)
  • Control By Computers (AREA)

Abstract

The invention relates to a system (1), comprising at least two asynchronous computers (2-i), on each of which at least one application (A) is executed, which provides control data (SD) for at least one actuation system (3), wherein the provided control data (SD) are transmitted by a control-authorized computer (2-i) that assumes a master computer status (M-RS) to the actuation system (3) for the control thereof, wherein the computers (2-i) of the system (1) cyclically exchange state data (ZD) and performance data (LD) with each other by means of a data interface in a data exchange (DAS), wherein the computers (2-i) each determine, on the basis of the state and performance data (ZDopp, LDopp) received from other computers (2-j) and on the basis of the computer's own state and performance data (ZDown, LDown) in a master/slave selection (MSA) performed on the computer (2-i), a computer status (RS) as a control-authorized or non-control-authorized computer (2-i) to be assumed by the particular computer (2-i) itself.

Description

Method and system for assigning control authorization to a computer
Technical field
The present invention relates to a method and a system for assigning control authorization to a computer by means of a master/slave selection method.
Background
A system can comprise a number of different components. Computers that serve as control units and can provide control data are used to control such components. Such a computer can execute one or more applications or application programs that provide control data for controlling the system components of the system concerned. The components to be controlled include actuators or actuator components, which are controlled according to the control data they receive. Particularly in safety-critical systems, it is necessary that the actuation system to be controlled continuously and reliably receives correct control data. In such safety-critical systems, the control units or control computers are therefore usually provided redundantly. In a vehicle, certain actuator components or actuators are safety-critical, so that a failure of the control data must not occur. Examples of such safety-critical actuator units in a vehicle are the vehicle braking device and/or the vehicle steering control device. If several computers are responsible for controlling such a safety-critical actuator or actuator component, it must be determined unambiguously which of the redundant computers is control-authorized, that is, which one supplies the actuator with control data.
Summary of the invention
The object of the invention is therefore to provide a method and a system for unambiguously assigning control authorization to one of several computers, by which conflicts between the computers in controlling a component are reliably avoided.
According to the invention, this object is achieved by a system having the features specified in claim 1.
According to a first aspect, the invention accordingly provides a system having at least two asynchronous computers, on each of which at least one application is executed that provides control data for at least one actuation system, wherein the provided control data are transmitted to the actuation system, for the control thereof, by a control-authorized computer that assumes a master computer status, wherein the computers of the system cyclically exchange state data and performance data with one another via a data interface in a data exchange, and wherein each computer determines, on the basis of the state and performance data received from other computers in the data exchange and on the basis of its own state and performance data, in a master/slave selection performed on that computer, the computer status that the computer itself is to assume as a control-authorized or non-control-authorized computer.
In one possible embodiment of the system according to the invention, the exchanged state data of a computer include state data that indicate the computer status of that computer.
In one possible embodiment, the computer status of a computer is preferably one of:
a master computer status, as a control-authorized computer,
a slave computer status, as a non-control-authorized computer, and
a master-intermediate computer status, as a computer that is still control-authorized.
In a further possible embodiment of the system according to the invention, each computer of the system is assigned an associated time window in which the computer assumes the master-intermediate computer status in order to avoid a master-master conflict, wherein the time windows assigned to the different computers of the system differ.
In a further possible embodiment of the system according to the invention, the time windows assigned to the computers are each greater than the time period caused by the asynchronism in the communication cycles of the computers with one another and/or by the asynchronism when the computers start up.
In a further possible embodiment of the system according to the invention, the time difference between two time windows assigned to two different computers is greater than the time period required for the data-transmission reply to the respective other computer.
In a further possible embodiment of the system according to the invention, a computer assumes the computer status determined for it only after a confirmation time period has expired.
In a further possible embodiment of the system according to the invention, each computer of the system determines an expected computer status for each other computer, on the basis of the state and performance data received in the data exchange with the other computers and on the basis of its own state and performance data.
In a further possible embodiment of the system according to the invention, each computer of the system determines, in the master/slave selection performed on it, the computer status it is to assume itself, on the basis of the state and performance data and on the basis of the expected computer status that the remaining computers have determined for the computer concerned.
In a further possible embodiment of the system according to the invention, the computer status to be assumed by a computer is additionally determined as a function of at least one computer interrupt occurring in that computer.
The computer interrupt can preferably be a power interrupt.
In a further possible embodiment of the system according to the invention, the system is a redundant safety-critical system, in particular a distributed system, which transmits control data to at least one actuation system in a fail-safe manner.
In a further possible embodiment of the system according to the invention, a computer that assumes the master computer status determined for it after its confirmation time period has expired transmits control data to the actuation system and retains the master computer status it has assumed until the master/slave selection performed on that computer determines a different computer status for it.
In a further possible embodiment of the system according to the invention, a computer that has assumed the slave computer status changes from the slave computer status to the master computer status only when the other computer that has held the master computer status up to that point assumes a different computer status and the master/slave selection performed on the computer concerned (the computer in slave computer status) determines the master computer status for it.
In a further possible embodiment of the system according to the invention, the state data of a computer indicate the state of that computer.
In a further possible embodiment of the system according to the invention, the performance data indicate the performance of at least one application executed on the computer to generate the control data.
According to a further aspect, the invention also provides a method for assigning control authorization having the features specified in claim 15.
Accordingly, the invention provides a method for assigning control authorization to one of several asynchronous computers of a system, wherein the control authorization authorizes the computer to control an actuation system, the method having the following steps:
determining, for each computer, the computer status to be assumed by that computer, by a master/slave selection performed on the respective computer, on the basis of the state and performance data received from other computers in a data exchange and on the basis of the respective computer's own state and performance data; and
assigning the control authorization for controlling the actuation system to the computer for which the master computer status has been determined in its master/slave selection.
Description of the drawings
Possible embodiments of the system according to the invention and of the method according to the invention for assigning control authorization to a computer are explained in more detail below with reference to the attached figures.
In the figures:
Fig. 1 shows a simple block diagram illustrating an exemplary embodiment of the system according to the invention;
Fig. 2 shows a schematic diagram illustrating the working principle of the method according to the invention and of the system according to the invention for assigning control authorization;
Fig. 3 shows a simple flow chart illustrating an exemplary embodiment of the method according to the invention for assigning control authorization to a computer.
Detailed description
As can be seen in Fig. 1, in the embodiment shown the system 1 according to the invention comprises at least two computers R, each of which can execute at least one application A. This application A provides control data SD for at least one actuation system AKT of system 1. In the embodiment shown in Fig. 1, system 1 has two asynchronous computers 2-1, 2-2, which communicate with each other or exchange data with each other. The two computers 2-1, 2-2 cyclically exchange state data ZD and performance data LD with each other via a data interface in a data exchange DAS. The data exchange takes place periodically, that is, at a predefined constant time interval. On the basis of the state and performance data ZDopp, LDopp received from at least one other computer in the data exchange DAS, and on the basis of its own state and performance data ZDown, LDown, each computer determines, in a master/slave selection MSA performed on the computer R, the computer status to be assumed by the respective computer 2-i itself as control-authorized or non-control-authorized computer. In the redundant system 1 shown in Fig. 1, both computers 2-1, 2-2 generate control data, but only the control-authorized computer transmits control data to actuation system 3 for the control thereof. The actuation system can be a system component, in particular a safety-critical system component, for example the braking unit of a vehicle. The control data can, for example, be transmitted from the control-authorized computer to actuation system 3 via a control data bus for the control of the actuation system.
The exchanged state data ZD of a computer preferably include state data that indicate the computer status RS of the respective computer 2-i. The computer status of a computer is preferably the master computer status (M-RS), as a control-authorized computer, the slave computer status (S-RS), as a non-control-authorized computer, or the master-intermediate computer status (MI-RS), as a temporarily control-authorized computer. The system 1 according to the invention ensures an unambiguous and therefore reliable assignment of control authorization SB to a computer 2-i for controlling actuation system 3. The authorization, or control authorization, is assigned unambiguously, that is, without conflict, among the different redundantly provided computers 2-i of system 1. A master/slave selection MSA is carried out between the different computers 2-i. The master/slave mechanism is suited to ensuring system consistency in asynchronous systems for redundantly implemented applications or partition clusters PC. In the asynchronous system 1 shown in Fig. 1, the computers 2-i, or their applications A, work asynchronously. For very short time windows, for example during a change of computer status, several computers may at the same time be control-authorized or non-control-authorized.
In one possible embodiment of the system according to the invention, each of the redundantly provided computers of system 1 is assigned an associated time window ZF, in which the respective computer 2-i assumes the master-intermediate computer status MI-RS in order to avoid a master-master conflict. The time windows ZF assigned to the different computers 2-i preferably differ for the different computers 2-i of system 1. In components with the same cycle time, information or information data can be exchanged in the same cycle i or with a time offset within a cycle. A further asynchronism arises from the time difference between the enabling of the two energy supply units of the two computers 2-1, 2-2. This asynchronism arises on the one hand from the mechanically induced time shift or delay in the thyristor (semiconductor switch) of the power controller in the enable switch for the energy supply of the respective computer 2-i, and on the other hand from the dynamics of the respective on-board electrical system up to the energy supply connectors of the two asynchronous computers 2-1, 2-2.
Owing to the existing asynchronism, a time period Δt arises within which the two computers 2-1, 2-2 start their master/slave selection MSA and thus also the assignment of control authorization for the respective computer. The time window ZF assigned to a computer is preferably greater in each case than the time period ZS caused by the asynchronism in the communication cycles of the computers 2-i with one another and/or by the asynchronism when the computers 2-i start up. For the two computers 2-1, 2-2 of the redundant system 1 shown in Fig. 1, the assigned time windows ZF should be set differently, that is, selected to be of different lengths.
This gives:
Δt > time period (asynchronism of the communication cycles) + time period (typical asynchronism at start-up).
Furthermore, the time difference between the two time windows ZF assigned to the two different computers 2-1, 2-2 is preferably selected to be greater than the time period ZS required for the data-transmission reply to the respective other computer:
ABS(Δt(Rown) - Δt(Ropp)) > time period (data-transmission reply to Ropp).
In the event of a master-master conflict, the two computers 2-1, 2-2 are, for example, immediately placed in the slave computer status.
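The effect of the two timing rules above can be seen in a small tick-based simulation; this is an added example, not code from the patent. It assumes two computers with the same cycle period, a fixed transmission delay and a slave that stays a slave (promotion is not modelled), and all names (`cfg_t`, `simulate`, `windows_ok`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define TICKS 200                       /* simulated horizon in ticks */

typedef enum { RS_OFF, RS_MI, RS_S, RS_M } rs_t;   /* computer status RS */

typedef struct {
    int start;                          /* power-up tick (start asynchronism) */
    int zf;                             /* length of the MI time window ZF */
} cfg_t;

typedef struct {
    int masters;                        /* computers in M-RS at the end */
    int conflicts;                      /* master-master conflicts detected */
    int master;                         /* index of the final master, -1 if none */
} result_t;

/* The two inequalities from the description: every window is longer than
 * the combined asynchronism, and the windows differ by more than the
 * reply time of the other computer. */
int windows_ok(int zf_a, int zf_b, int async_comm, int async_start, int reply)
{
    int min_len = async_comm + async_start;
    return zf_a > min_len && zf_b > min_len && abs(zf_a - zf_b) > reply;
}

/* Assumed model: each computer runs its selection every `period` ticks,
 * counted from its own start, and sees the status the other computer
 * had `delay` ticks earlier. */
result_t simulate(const cfg_t cfg[2], int period, int delay)
{
    static rs_t hist[2][TICKS];         /* published status per tick */
    rs_t st[2] = { RS_OFF, RS_OFF };
    result_t r = { 0, 0, -1 };

    if (delay < 1)
        delay = 1;                      /* a status is never visible instantly */

    for (int t = 0; t < TICKS; t++) {
        for (int i = 0; i < 2; i++) {
            int age = t - cfg[i].start;
            if (age < 0 || age % period != 0)
                continue;               /* not this computer's cycle */
            rs_t seen = (t >= delay) ? hist[1 - i][t - delay] : RS_OFF;

            if (st[i] == RS_OFF)
                st[i] = RS_MI;          /* MI-RS is assumed at start-up */
            if (st[i] == RS_MI) {
                if (seen == RS_M)
                    st[i] = RS_S;       /* another master exists: step back */
                else if (age >= cfg[i].zf)
                    st[i] = RS_M;       /* window expired, no master seen */
            } else if (st[i] == RS_M && seen == RS_M) {
                st[i] = RS_S;           /* master-master conflict: go to slave */
                r.conflicts++;
            }
        }
        hist[0][t] = st[0];
        hist[1][t] = st[1];
    }
    for (int i = 0; i < 2; i++)
        if (st[i] == RS_M) { r.masters++; r.master = i; }
    return r;
}

/* Constructed configurations: start offset of 1 tick, windows of 20/40 and 20/20. */
static const cfg_t CFG_DISTINCT[2] = { { 0, 20 }, { 1, 40 } };
static const cfg_t CFG_EQUAL[2]    = { { 0, 20 }, { 1, 20 } };

int main(void)
{
    result_t a = simulate(CFG_DISTINCT, 5, 2);
    result_t b = simulate(CFG_EQUAL, 5, 2);
    printf("distinct windows: masters=%d conflicts=%d master=%d\n",
           a.masters, a.conflicts, a.master);
    printf("equal windows:    masters=%d conflicts=%d master=%d\n",
           b.masters, b.conflicts, b.master);
    return 0;
}
```

With equal windows both computers reach M-RS before either has seen the other's status, which is the conflict that the required difference between the windows rules out.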
To assign the authorization for controlling actuation system 3 during operation, the master/slave algorithm, or master/slave selection MSA, runs on each of the two computers 2-1, 2-2. In doing so, state data ZD concerning the state of the components in system 1 and the performance data LD of the components are processed; these are preferably determined in an upstream basic process BP and taken into account for the corresponding analysis. After a successful master/slave selection, the following result can be established: a master identifier or a slave identifier is transmitted to each of the different computers 2-1, 2-2, and there a master identifier or slave identifier is in turn transmitted locally to the running application A, or to each running application A.
The identifier preferably indicates whether the respective computer 2-i is the control-authorized or the non-control-authorized computer with respect to actuation system 3. Actuation system 3 of system 1 then receives data or control data SD1 from computer 2-1 or control data SD2 from computer 2-2, depending on which of the two computers 2-1, 2-2 has the master identifier and has therefore become the current master computer with respect to the control of actuation system 3.
Actuation system 3 of system 1 itself generally does not check again whether incoming control data SD come from an authorized source. Control data SD that reach the actuation system are acted on in any case; that is, the actuation system performs its function within system 1 according to the control data received. This offers the particular advantage that actuation system 3 of system 1 can be implemented particularly simply when the method according to the invention is applied. In other words, the technical effort for operating actuation system 3 in system 1 is significantly reduced when the system according to the invention or the method according to the invention is used.
If control data SD are sent to actuation system 3 not only by a single control-authorized computer, the received control data SD can be filtered in actuation system 3. If no control data SD have yet been received from a control-authorized computer, the control data SD of the first control-authorized computer are accepted as control data. If two computers appear as control-authorized computers simultaneously and their data are received by actuation system 3 at the same time, one of the two computers is determined to have priority. This prioritization can, for example, be based on a previously defined rule. If a control-authorized computer has already been identified in actuation system 3 and a further control-authorized computer joins during operation, then, for example, only the control data of the original control-authorized computer may be accepted. In that case the control data SD of the newly joined control-authorized computer can be discarded.
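The filtering rules just described can be written as a small receive-side arbiter; this is an added example, not code from the patent, and it only arbitrates between senders without authenticating them, in line with the description. The frame layout, the "lowest computer index wins" priority rule and the silence timeout that releases a vanished sender are assumptions, and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define NO_SENDER (-1)

/* One control-data frame SD as received by the actuation system.
 * Hypothetical layout; the description defines no frame format. */
typedef struct {
    int     sender;      /* 1 for computer 2-1, 2 for computer 2-2 */
    int32_t sd;          /* control value */
} frame_t;

typedef struct {
    int      accepted;   /* sender whose data are currently accepted */
    uint32_t last_seen;  /* actuator cycle of the last accepted frame */
    uint32_t timeout;    /* ASSUMPTION: cycles of silence before release */
    unsigned dropped;    /* frames discarded so far */
} filter_t;

void filter_init(filter_t *f, uint32_t timeout)
{
    f->accepted = NO_SENDER;
    f->last_seen = 0;
    f->timeout = timeout;
    f->dropped = 0;
}

/* Process all frames received in one actuator cycle. Returns the sender
 * whose value was written to *sd_out, or NO_SENDER if none was used. */
int filter_cycle(filter_t *f, const frame_t *fr, int n,
                 uint32_t cycle, int32_t *sd_out)
{
    int used = NO_SENDER;

    /* ASSUMPTION: forget an accepted sender that has been silent too long,
     * so that a failed master cannot block its successor forever. */
    if (f->accepted != NO_SENDER && cycle - f->last_seen > f->timeout)
        f->accepted = NO_SENDER;

    /* No sender accepted yet: take the first one. If several arrive in the
     * same cycle, apply the predefined rule (assumed: lowest index wins). */
    if (f->accepted == NO_SENDER)
        for (int i = 0; i < n; i++)
            if (f->accepted == NO_SENDER || fr[i].sender < f->accepted)
                f->accepted = fr[i].sender;

    /* Accept only the original sender; discard data from any newcomer. */
    for (int i = 0; i < n; i++) {
        if (fr[i].sender == f->accepted) {
            *sd_out = fr[i].sd;
            f->last_seen = cycle;
            used = fr[i].sender;
        } else {
            f->dropped++;
        }
    }
    return used;
}

/* Constructed trace, one entry per actuator cycle:
 * bit 0 = computer 2-1 transmits, bit 1 = computer 2-2 transmits. */
static const unsigned TRACE[] = { 0, 3, 2, 2, 2, 2, 2 };

static int replay(uint32_t upto, filter_t *f)
{
    int used = NO_SENDER;
    int32_t sd = 0;

    filter_init(f, 3);
    for (uint32_t c = 0; c <= upto && c < sizeof TRACE / sizeof TRACE[0]; c++) {
        frame_t fr[2];
        int n = 0;
        if (TRACE[c] & 2) fr[n++] = (frame_t){ 2, 200 };  /* 2-2 arrives first */
        if (TRACE[c] & 1) fr[n++] = (frame_t){ 1, 100 };
        used = filter_cycle(f, fr, n, c, &sd);
    }
    return used;
}

int demo_sender_at(uint32_t cycle)       { filter_t f; return replay(cycle, &f); }
unsigned demo_dropped_at(uint32_t cycle) { filter_t f; replay(cycle, &f); return f.dropped; }

int main(void)
{
    for (uint32_t c = 0; c < sizeof TRACE / sizeof TRACE[0]; c++)
        printf("cycle %u: used sender %d, dropped so far %u\n",
               (unsigned)c, demo_sender_at(c), demo_dropped_at(c));
    return 0;
}
```

In the constructed trace both computers transmit in cycle 1, 2-1 wins by the priority rule and then falls silent, and 2-2 is accepted only once the assumed timeout has released 2-1.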
The system shown in Fig. 1 is an asynchronous redundant system with at least two independently operating computers 2-i. At a given time ti, each computer has a particular view of its environment or of the components of system 1. In another computer of system 1, this view exists at time ti ± the asynchronism time. In a system 1 that applies the control-authorization selection method according to the invention, costly synchronization of the computers 2-i with one another is therefore not required. Each computer assumes the computer status RS determined for it only after a confirmation time period has expired.
On the basis of the state and performance data ZDopp, LDopp received from other computers in the data exchange DAS and on the basis of its own state and performance data ZDown, LDown, each computer 2-i of system 1 determines, in the master/slave mechanism MSA performed on that computer, its own computer status RS and an expected computer status E-RS for at least one other computer 2-i. This is also shown schematically in Fig. 2. The master/slave selection method performed on computer i determines on the one hand the computer status RS, as control-authorized or non-control-authorized computer, to be assumed by the respective computer R itself, and additionally determines an expected computer status E-RS for each other computer in system 1. This is done on the basis of the state and performance data ZDopp, LDopp received from at least one other computer 2-i in the data exchange DAS and on the basis of the respective computer 2-i's own state and performance data ZDown, LDown. In one possible embodiment, the computer status to be assumed by a computer is additionally determined as a function of at least one computer interrupt RI occurring in that computer, as shown schematically in Fig. 2. The computer interrupt is a power interrupt of the computer 2-i concerned.
Furthermore, each computer 2-i of system 1 can determine, in the master/slave selection MSA, the computer status it is to assume itself on the basis of the state and performance data and on the basis of the expected computer status E-RS that the remaining computers of the system have determined for the computer 2-i concerned, as likewise indicated schematically in Fig. 2. The master/slave selection method shown in Fig. 2 is carried out on all redundantly provided asynchronous computers 2-i of the safety-critical system 1, as shown for example in Fig. 1. System 1 is preferably a redundant safety-critical system, in particular a distributed system, in which control data SD are transmitted in a fail-safe manner to at least one actuation system 3 of system 1. The control data SD are transmitted by the computer 2-i of system 1 that is authorized to do so.
A computer 2-i that assumes the master computer status M-RS determined for it after its confirmation time period has expired transmits control data SD to actuation system 3 and retains the master computer status it has assumed until the master/slave selection MSA performed on that computer 2-i determines a different computer status RS for it.
A computer 2-i that has assumed the slave computer status S-RS changes from the slave computer status to the master computer status only when the other computer that has held the master computer status M-RS up to that point assumes a different computer status and the master/slave selection MSAi performed on the computer concerned (the computer 2-i in slave computer status S-RS) determines the master computer status M-RS for the computer 2-i concerned.
In the method according to the invention for assigning control authorization, or for transferring rights or authorization, in a redundant system 1, in particular a redundant system 1 composed of several components, actuation system 3 is controlled by exactly one computer 2-i of system 1 that is authorized to do so. The state and performance data ZD, LD are taken into account and used by the components of system 1. On the basis of the analysed data, exactly one component or control unit, that is, exactly one computer 2-i of system 1, is assigned the right to control actuation system 3, or the authorization as master. As master, it alone remains responsible for controlling actuation system 3 until the master/slave selection demotes it to slave. A slave remains a slave, and is not responsible for controlling actuation system 3, until it is promoted to master. Furthermore, a slave becomes master only once the master has been demoted to slave and has declared itself a slave, and the slave is ready to control actuation system 3.
The state data ZD exchanged between the computers 2-i include the state data of the computers. A computer can preferably assume one of three different computer statuses RS: master computer status M-RS, slave computer status S-RS and master-intermediate computer status MI-RS. The master-intermediate status MI-RS is assumed, for example, when the computer starts up. The master-intermediate computer status MI-RS indicates that the respective computer currently sees no other computer that holds the master computer status M-RS. The master-intermediate computer status MI-RS can be held simultaneously by several computers 2-i of system 1 for one or more cycles. A computer in master-intermediate computer status MI-RS acts on actuation system 3 as master during this time period.
The state data ZD exchanged between the computers 2-i of system 1 include the computer status RS of the respective computer. The state data therefore include master/slave information (master, slave, intermediate) and, in one possible embodiment, can include further data, in particular a timeout-shortening indication and other state data. In addition to the state data ZD, performance data LD are exchanged between the computers 2-i. The performance data LD indicate the performance, efficiency or performance level. The performance level is implemented, for example, as a scalar, for instance in a value range of 0 to 9. The performance level preferably describes the execution quality of, for example, an application A or of a partition cluster comprising several applications that form an observation unit BE. As soon as a computer 2-i can offer a better or higher performance level for the respective observation unit (application or partition cluster), that computer 2-i is preferably promoted to master computer, that is, to master computer status M-RS. In the method according to the invention, the state of the computer, that is, the state data ZD, is taken into account in addition to the performance level or performance data LD. Implicitly, the method according to the invention thereby achieves a prioritization of the computers during the different operating phases of system 1, in particular during start-up of system 1.
For each state of the computer 2-i of system 1, itself priority or the performance of itself etc. are not only checked Level is relative to another or opposite(Opposite is contrary)Whether computer is identical, less or bigger, and preferably Ground checks that the opposite computer 2-i of system 1 there is what to be expected or another computer 2-i with regard to the priority of itself For involved itself(Own)Which expectation-computer mode E-RS computers has determined that.That is, in root According to additionally considering in a kind of possible embodiment of the method for the present invention, opposite computer is used as expectation-computer Whether state is it has been determined that whether involved computer should occupy master-computer mode.
The table TAB below shows one possible implementation of the method according to the invention and of the system 1 according to the invention.
The implementation shown in the table relates to a system 1 with two computers 2-1, 2-2, as illustrated in Fig. 1. The table can be implemented as a parameterized lookup table. Each computer has its own lookup table. The parameters are formed by counter states used to implement timeouts or time delays. In the exemplary implementation shown in the table, the 37 rows of the lookup table show 37 possible system states for the two computers. Each of the two computers 2-1, 2-2 occupies the role of slave computer, master-intermediate computer or master computer. The output data or flags produced by the master-slave selection method are output during cycle i and cycle i+1, as shown in the table.
The first column of the table gives the identifier ID of the different system states.
The second column gives the role of the first computer 2-i in system 1.
The third column gives the priority or performance level of the computer 2-i compared with the other computer 2-2 of the same system 1. That is, the own performance level of the first computer 2-1 is equal to, lower than or higher than the performance level of the opposite computer 2-2.
The fourth column shows the expected computer mode E-RS determined by the other computer 2-2, i.e. the expected computer mode E-RS that the second computer 2-2 has determined for the first computer 2-1.
The fifth column of the table gives the interrupt flag, i.e. whether a computer interrupt RI, in particular a power interruption of the computer, has occurred.
In the exemplary implementation shown in the table, the expected computer mode E-RS can take the value 0 or the value 1. The value 0 means that, in the view of the other, opposite computer 2-2, the own first computer 2-1 is not the master. Conversely, 1 means that, in the view of the opposite computer 2-2, the own first computer 2-1 is the master.
If a master has been selected and the process has started, the interrupt flag is set. This can serve, for example, as an identifying marker of whether a restart or start of the computer has occurred. During continuous operation of the computers in system 1, a so-called power interruption can occur, for example, in which the computer fails and then resumes operation.
The column "beMSStatusOwn" shown in the table indicates that the respective computer is the master. The next column, "beMSStatusIntermediate", indicates that the computer has occupied the master-intermediate computer mode MI-RS. The column "pcMSStatusOpp" indicates that the other, opposite computer (Opp computer) should be the master computer. An X in the table marks an entry that is irrelevant at that position.
The columns for cycle i show the memory update for cycle i. The columns for cycle i+1 show the memory update for cycle i+1, i.e. the memory update for the next cycle of system 1.
When calculating the output data or flags for the next cycle i+1, the master-slave selection MSA of each computer 2-i considers not the opposite computer but the computer itself. The opposite computer likewise executes the master-slave selection method MSA independently and determines for itself which state it occupies.
If a computer receives no data from the other computer, the master-slave selection method works with predetermined parameters or default values.
Starting with row 1 of the table, the following results. If the computer concerned is a slave computer, i.e. occupies the slave-computer mode S-RS, and has the same priority or the same performance level as the opposite computer, and the other computer does not expect the computer concerned to be the master computer, and there is in addition no computer interrupt RI, then the computer concerned is placed in the master-intermediate computer mode MI-RS, as shown in row 1 of the table. In addition, the computer sets the flag for process takeover. Setting the flag starts a computer-specific timer; when that timer expires, i.e. after a predetermined number n of cycles, the computer changes from the master-intermediate computer mode MI-RS to the master-computer mode M-RS.
The timer measures a response time. This response time is preferably set specifically for each computer and is preferably different for each computer 2-i.
The rows shown in the table are an enumeration of possible states and calculations. The rows shown in the table do not represent a time sequence. Typically, a transition scenario from an initial situation with an initial state to a final situation with a result state traverses several rows of the table. One row is processed per calculation cycle.
To determine the maximum possible functional or performance quality, the performance or efficiency can be determined cyclically for each observation unit BE, i.e. for each application or each partition cluster PC formed from several applications. The different computers of system 1 cyclically exchange power data LD with one another and can thereby determine for themselves which of the computers can provide the best performance for the observed unit.
During cyclic operation the method follows this strategy:
If a computer is the master for an observation unit, it always remains the master until it gives up the master role, i.e. the master-computer mode, itself.
If two computers take part in the master-slave allocation at the same time, the computer holding the slave role switches to master only when the previous master has given up its role or has been demoted to slave computer in the master-slave selection method. A master computer loses its master role, for example, when the master computer fails.
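The following simulation is an added illustration, not code from the patent and not a reproduction of its lookup table TAB. It models only the three computer modes, the computer-specific time window spent in MI-RS and the rule that a master keeps its role, for two computers that see each other's status `delay` cycles late; the window lengths, the latency model and all names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class RS(Enum):
    SLAVE = "S-RS"
    INTERMEDIATE = "MI-RS"
    MASTER = "M-RS"


@dataclass
class Computer:
    name: str
    window: int                    # cycles spent in MI-RS before promotion (assumed value)
    state: RS = RS.INTERMEDIATE    # MI-RS is occupied at start-up
    alive: bool = True
    timer: int = 0

    def __post_init__(self):
        self.timer = self.window

    def select(self, peer_state):
        """One master-slave selection cycle from own state and the peer's last seen status."""
        if not self.alive or self.state is RS.MASTER:
            return                                   # a master keeps its role until it gives it up
        if peer_state is RS.MASTER:                  # a master is visible: hold the slave role
            self.state, self.timer = RS.SLAVE, self.window
        elif self.state is RS.SLAVE:                 # no master visible: open the time window
            self.state, self.timer = RS.INTERMEDIATE, self.window
        else:                                        # in MI-RS: count the window down
            self.timer -= 1
            if self.timer <= 0:
                self.state = RS.MASTER


def simulate(windows, delay=1, cycles=20, fail_master_at=None):
    """Return (conflict_cycles, trace) for two computers; delay >= 1 is the status latency."""
    a, b = (Computer(f"2-{i + 1}", w) for i, w in enumerate(windows))
    published = {a.name: [], b.name: []}             # status each computer sent per cycle
    conflicts, trace = 0, []
    for cycle in range(cycles):
        if cycle == fail_master_at:                  # constructed fault: the current master fails
            for c in (a, b):
                if c.state is RS.MASTER:
                    c.alive = False
        seen = {}
        for me, peer in ((a, b), (b, a)):
            log = published[peer.name]
            seen[me.name] = log[-delay] if len(log) >= delay else None   # None: no data received
        for c in (a, b):                             # each computer decides only for itself
            c.select(seen[c.name])
        for c in (a, b):
            published[c.name].append(c.state if c.alive else None)
        if a.alive and b.alive and a.state is b.state is RS.MASTER:
            conflicts += 1                           # master-master conflict in this cycle
        trace.append(tuple(c.state.value if c.alive else "down" for c in (a, b)))
    return conflicts, trace


if __name__ == "__main__":
    for windows in ((3, 6), (3, 3)):
        conflicts, trace = simulate(windows)
        print(windows, "conflict cycles:", conflicts, "final:", trace[-1])
```

With windows of 3 and 6 cycles, computer 2-1 becomes master and 2-2 falls back to slave; with equal windows both are promoted in the same cycle, which is the master-master conflict that differing time windows are meant to avoid.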
The method according to the invention significantly reduces the complexity of the qualification or control-authorization assignment.
In one possible embodiment, the master-slave selection MSA is carried out by a corresponding program, preferably executed on a microprocessor of the computer 2-i. Each computer 2-i performs such a master-slave selection MSA itself, independently of the other computer. The master-slave selection MSA depends on the computer modes RS of all computers and on the current state of the computer. The lookup table implemented effectively illustrates the operating principle for two computers.
The method according to the invention and the system 1 according to the invention exclude or minimize time windows ZE in which no computer supplies control data as master. This improves the stability and therefore the safety of the system.
A further advantage of the system 1 according to the invention is that switchover periods are minimized: once a computer has occupied the master role, it remains the master for as long as possible. This likewise improves the stability of system 1, in particular of the control algorithm, and thereby the safety of system 1. In addition, the method according to the invention and system 1 ensure that the actuator 3 of system 1 is always controlled or operated with maximum or optimum performance. This also improves the operational safety of system 1. The control data preferably comprise data generated by the computer, in particular setpoint values. In the system 1 according to the invention, a master-intermediate computer mode is used in addition to the master-computer mode and the slave-computer mode; the master-intermediate computer mode serves the mutual coordination of the computers and in particular also avoids or minimizes master-master conflicts. This excludes or minimizes time windows in which no master computer is available. In addition to its own state, each computer takes into account the power data and status data exchanged with the other computer. Preferably, the other computer's expectation regarding the computer mode to be occupied by the computer is also taken into account. The occurrence of an interrupt is preferably also taken into account when determining the computer mode or the control authorization.
The method according to the invention and system 1 can be used in many ways, in particular in safety-critical systems with a distributed computer architecture. The method according to the invention and system 1 are suitable, for example, for industrial plants or manufacturing plants and for means of transport such as trains or motor vehicles.
In one possible embodiment of the method according to the invention, a computer can occupy different internal states, for example DDC states (duplex control computer states). These states include, for example, "being activated", "I am initializing", "shortly before fully available", "fully available", "I have just identified my current role in the overall system", "maintaining my role as master in the overall system", "withdrawing as master and becoming slave", and so on.
A computer with control authorization can control the actuator 3 of system 1 and can reach agreement with the remaining computers, or the rest of system 1, on who should ultimately control the actuator 3. If a computer holds the slave role, it also calculates control data SD for the actuator 3 and writes these control data to an internal memory. However, a computer occupying the slave-computer mode S-RS does not forward these control data SD to the actuator 3. As long as a computer occupies the master role and holds the master-computer mode M-RS, the actuator 3 is not controlled by another computer.
Because of the asynchrony that exists and is desired in system 1, it is first calculated whether a particular computer in system 1 can occupy the master role; because of the asynchrony, however, the corresponding result must also remain unchanged for further cycles of system 1. This corresponds to the need for a confirmation time, i.e. waiting for a confirmation period. Such a confirmation time is preferably taken into account in all relevant calculations. The switchover of a computer occurs only after this confirmation period has expired.
The actuator 3 of system 1 is controlled by a computer application A. A complex system 1 can comprise several actuators. In that case, the control data SD can also be generated jointly by several different applications or by a partition cluster PC.

Claims (15)

1. A system (1) having:
at least two asynchronous computers (2-i), on each of which at least one application (A) is executed that provides control data (SD) for at least one actuator (3), wherein the provided control data (SD) are transmitted to the actuator (3), for controlling the actuator, by a computer (2-i) with control authorization that occupies a master-computer mode (M-RS),
wherein the computers (2-i) of the system (1) cyclically exchange status data (ZD) and power data (LD) with one another in a data exchange (DAS) via a data interface,
wherein each computer (2-i) determines, in a master-slave selection (MSA) executed on that computer (2-i), on the basis of the status data and power data (ZDopp, LDopp) obtained from the other computer (2-j) in the data exchange (DAS) and on the basis of its own status data and power data (ZDown, LDown), the computer mode (RS) to be occupied by the respective computer (2-i) itself as a computer (2-i) with or without control authorization.
2. The system according to claim 1,
wherein the exchanged status data (ZD) of a computer (2-i) comprise status data of the computer (2-i) that indicate the computer mode (RS) of the computer.
3. The system according to claim 2,
wherein the computer modes (RS) of a computer (2-i) comprise:
a master-computer mode (M-RS) as a computer with control authorization,
a slave-computer mode (S-RS) as a computer without control authorization, and
a master-intermediate computer mode (MI-RS) as a computer still having control authorization.
4. The system according to any one of claims 1 to 3, wherein each computer (2-i) of the system (1) is assigned an associated time window (ZF) during which the computer (2-i) occupies the master-intermediate computer mode (MI-RS) in order to avoid a master-master conflict, wherein the time windows (ZF) assigned to the different computers (2-i) of the system (1) are different.
5. The system according to claim 4,
wherein the time windows (ZF) assigned to the computers (2-i) are each greater than a time period (ZS) that is caused by asynchrony of the computers (2-i) during a mutual communication cycle and/or by asynchrony of the computers (2-i) at start-up.
6. The system according to claim 4 or 5,
wherein the time difference between two time windows (ZF) assigned to two different computers (2-i, R-j) is greater than a time period (ZS) that is required for the data transmission to the respective other computer and for the reply.
7. The system according to any one of claims 1 to 6, wherein a computer (2-i) occupies the computer mode (RS) determined for that computer only after a confirmation period has expired.
8. The system according to any one of claims 1 to 7, wherein each computer (2-i) of the system (1) determines an expected computer mode (E-RS) for the other computer (2-j) on the basis of the status data and power data (ZDopp, LDopp) obtained in the data exchange (DAS) with the other computer (2-j) and on the basis of its own status data and power data (ZDown, LDown).
9. The system according to claim 8, wherein each computer (2-i) of the system (1) determines, in the master-slave selection (MSA) executed on the computer (2-i), the computer mode (RS) to be occupied by the computer (2-i) itself on the basis of the status data and power data (ZDown, LDown, ZDopp, LDopp) and on the basis of the expected computer mode (E-RS) determined for the computer concerned (2-i) by the remaining computers (R-j).
10. The system according to any one of claims 1 to 9, wherein the determination of the computer mode (RS) to be occupied by a computer (2-i) additionally depends on at least one computer interrupt (RI), in particular a power interruption, occurring in the computer (2-i).
11. The system according to any one of claims 1 to 10, wherein the system (1) is a redundant safety-critical system, in particular a distributed system, which transmits control data (SD) to at least one actuator (AKT) in a fail-safe manner.
12. The system according to any one of claims 1 to 11, wherein a computer (2-i) that occupies the master-computer mode (M-RS) determined for it after the confirmation period of the computer (2-i) has expired transmits control data (SD) to the actuator (3) and retains the master-computer mode (M-RS) it occupies until the master-slave selection (MSA) executed on the computer (2-i) determines a different computer mode (RS) for the computer (2-i).
13. The system according to any one of claims 1 to 12, wherein a computer (2-i) occupying the slave-computer mode (S-RS) changes from the slave-computer mode (S-RS) it occupies to the master-computer mode (M-RS) only when the other computer (2-j) that has occupied the master-computer mode (M-RS) until then occupies a different computer mode (RS) and the master-slave selection (MSA) executed on the computer concerned (2-i) determines the master-computer mode (M-RS) for the computer concerned (2-i).
14. The system according to any one of claims 1 to 13, wherein the status data (ZD) of a computer (2-i) indicate the state of the computer (2-i) and the power data (LD) indicate the performance of the at least one application (A) executed on the computer (2-i) to generate the control data (SD).
15. A method for assigning a control authorization to one of several asynchronous computers of a system (1), wherein the control authorization authorizes the computer (2) to control an actuator (3), the method having the following steps:
(a) determining, for each computer (2-i), by a master-slave selection (MSA) executed on the respective computer (2-i), the computer mode (RS) to be occupied by the respective computer (2-i), on the basis of the status data and power data (ZDopp, LDopp) obtained from the other computer (2-j) in a data exchange (DAS) and on the basis of the respective computer's (2-i) own status data and power data (ZDown, LDown);
(b) assigning (S2) the control authorization for controlling the actuator (3) to the computer (2) for which the master-computer mode (M-RS) was determined in its master-slave selection (MSA).
CN201580040702.5A 2014-07-30 2015-07-24 For assigning control authority to computer method and system Active CN106537268B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102014214974 2014-07-30
DE102014214974.6 2014-07-30
PCT/EP2015/067031 WO2016016135A1 (en) 2014-07-30 2015-07-24 Method and system for assigning a control authorization to a computer

Publications (2)

Publication Number Publication Date
CN106537268A true CN106537268A (en) 2017-03-22
CN106537268B CN106537268B (en) 2019-10-11

Family

ID=53776573

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580040702.5A Active CN106537268B (en) 2014-07-30 2015-07-24 For assigning control authority to computer method and system

Country Status (5)

Country Link
US (1) US10613502B2 (en)
EP (1) EP3143506B1 (en)
KR (1) KR101995515B1 (en)
CN (1) CN106537268B (en)
WO (1) WO2016016135A1 (en)

Also Published As

Publication number Publication date
EP3143506B1 (en) 2019-09-04
CN106537268B (en) 2019-10-11
EP3143506A1 (en) 2017-03-22
US10613502B2 (en) 2020-04-07
WO2016016135A1 (en) 2016-02-04
US20170220018A1 (en) 2017-08-03
KR101995515B1 (en) 2019-07-02
KR20170039256A (en) 2017-04-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant